Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation.
References
Link | Resource |
---|---|
https://www.foxmole.com/advisories/foxmole-2017-02-23.txt | Exploit Mitigation Third Party Advisory |
Configurations
History
17 Nov 2022, 17:21
Type | Values Removed | Values Added |
---|---|---|
First Time |
Dolibarr dolibarr Erp\/crm
|
|
CPE | cpe:2.3:a:dolibarr:dolibarr_erp\/crm:4.0.4:*:*:*:*:*:*:* |
Information
Published : 2017-05-10 14:29
Updated : 2023-12-10 12:01
NVD link : CVE-2017-8879
Mitre link : CVE-2017-8879
CVE.ORG link : CVE-2017-8879
JSON object : View
Products Affected
dolibarr
- dolibarr_erp\/crm
CWE
CWE-287
Improper Authentication